Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 7

Sales users at Universal Containers use Salesforce for Opportunity management. Marketing uses a third-party application called Nest for Lead nurturing that is accessed using username/password. The VP of Sales wants to open up access to Nest for all sales users to provide them access to lead history and would like SSO for better adoption. Salesforce is already set up for SSO and uses Delegated Authentication. Nest can accept username/password or SAML-based authentication. IT teams have received multiple password-related issues for Nest and have decided to set up SSO access to Nest for Marketing users as well. The CIO does not want to invest in a new IdP solution and is considering using Salesforce for this purpose. Which are appropriate license type choices for sales and marketing users, given that Salesforce is using Delegated Authentication? Choose 2 answers

A. Salesforce license for sales users and Identity license for Marketing users
B. Salesforce license for sales users and External Identity license for Marketing users
C. Identity license for sales users and Identity Connect license for Marketing users
D. Salesforce license for sales users and Platform license for Marketing users
Suggested answer: A, D

Universal Containers wants to build a custom mobile app connecting to Salesforce using OAuth, and would like to restrict the types of resources mobile users can access. What OAuth feature of Salesforce should be used to achieve the goal?

A. Access Tokens
B. Mobile pins
C. Refresh Tokens
D. Scopes
Suggested answer: D

Universal Containers (UC) is building a mobile application that will make calls to the Salesforce REST API. Additionally, UC would like to provide the optimal experience for its mobile users. Which two OAuth scopes should UC configure in the Connected App? Choose 2 answers

A. Refresh token
B. API
C. full
D. Web
Suggested answer: A, B

Universal Containers plans to develop a custom mobile app for the sales team that will use Salesforce for authentication and access management. The mobile app access needs to be restricted to only the sales team. What would be the recommended solution to grant mobile app access to sales users?

A. Use a custom attribute on the user object to control access to the mobile app.
B. Use connected apps OAuth policies to restrict mobile app access to authorized users.
C. Use the permission set license to assign the mobile app permission to sales users.
D. Add a new identity provider to authenticate and authorize mobile users.
Suggested answer: B

Universal Containers (UC) has a mobile application that it wants to deploy to all of its Salesforce users, including customer Community users. UC would like to minimize the administration overhead. Which two items should an architect recommend? Choose 2 answers

A. Enable the "Refresh token is valid until revoked" setting in the Connected App.
B. Enable the "Enforce IP restrictions" setting in the Connected App.
C. Enable the "All users may self-authorize" setting in the Connected App.
D. Enable the "High Assurance session required" setting in the Connected App.
Suggested answer: A, C

The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other uses of Salesforce, users should be allowed to use AD credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials, while maintaining the ability to view reports when logged in with Salesforce credentials?

A. Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
B. Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically add or remove a Permission Set that grants the Export Reports permission.
C. Use SAML Federated Authentication, treat SAML sessions as High Assurance, and raise the session level required for exporting reports.
D. Use SAML Federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports permission.
Suggested answer: C

Universal Containers (UC) wants its users to access Salesforce and other SSO-enabled applications from a custom web page that UC manages. UC wants its users to use the same set of credentials to access each of the applications. What SAML SSO flow should an Architect recommend for UC?

A. SP-Initiated with Deep Linking
B. SP-Initiated
C. IdP-Initiated
D. User-Agent
Suggested answer: C

Universal Containers (UC) uses a home-grown Employee portal for their employees to collaborate.

UC decides to use Salesforce Ideas to allow employees to post Ideas from the Employee portal.

When users click on some of the links in the Employee portal, the users should be redirected to Salesforce, authenticated, and presented with the relevant pages. What OAuth flow is best suited for this scenario?

A. Web Application flow
B. SAML Bearer Assertion flow
C. User-Agent flow
D. Web Server flow
Suggested answer: D

Universal Containers (UC) is planning to deploy a custom mobile app that will allow users to get e-signatures from its customers on their mobile devices. The mobile app connects to Salesforce to upload the e-signature as a file attachment and uses the OAuth protocol for both authentication and authorization. What is the most recommended and secure OAuth scope setting that an Architect should recommend?

A. Id
B. Web
C. Api
D. Custom_permissions
Suggested answer: D

IT security at Universal Containers (UC) is concerned about recent phishing scams targeting its users and wants to add additional layers of login protection. What should an Architect recommend to address the issue?

A. Use the Salesforce Authenticator mobile app with two-step verification.
B. Lock sessions to the IP address from which they originated.
C. Increase password complexity requirements in Salesforce.
D. Implement Single Sign-On using a corporate identity store.
Suggested answer: A
Total 248 questions